Abstrato

SoapUI and Soap Sonar Testing Tool Using Vulnerability Detection of Web Service

Ramakrishnan.R , Anbarasi.J, Kavitha.V

Web Services are modular software applications that can be described, published, located, and invoked across a network, such as the World Wide Web .Web services provide a simple interface between a provider and a consumer and are supported by a complex software infrastructure which is typically includes in the applications to server, the operating system and a set of external systems. In this technology is susceptible to the Cross-site Scripting (XSS) attack is takes advantage to existing vulnerabilities. In the proposed approach is using two Security Testing techniques they are Penetration Testing and Fault Injection, which emulate the XSS attack against to Web Services. This technology, combined with WSSecurity (WSS) and Security Tokens can identify their sender and to guarantee the legitimate access control to the SOAP messages are exchanged. So we use the vulnerability scanner soapUI that is one of the most recognized tools of Penetration Testing. In another way WSInject is a new fault injection tool can introduces faults in Web Services to analyze the behavior in an environment not in their robust. Therefore results shows their use of WSInject is comparison to soapUI can improve the detection in the vulnerability allows to emulate XSS attack and generates new types of them.

Isenção de responsabilidade: Este resumo foi traduzido usando ferramentas de inteligência artificial e ainda não foi revisado ou verificado